Gaping holes discovered in global GPS

Researchers have developed three attacks capable of crippling Global Positioning System (GPS) infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unmanned drones.

The scenarios developed include novel remote attacks via malicious GPS broadcasts against consumer and professional-grade receivers, which could be launched using $2,500 worth of equipment.

A 45-second crafted GPS message could bring down up to 30 percent of the global GPS Continuously Operating Reference Stations (CORS), while other attacks could take down 20 percent of NTRIP networks, security boffins from Carnegie Mellon University and firm Coherent Navigation have said in a new paper (PDF).

The stations provide global navigation satellite system data to support "safety and life-critical applications," and NTRIP is the protocol used to stream that data online.

Together, the attack scenarios created "serious ramifications to safety systems."

"Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack," the team of four researchers said.

Author Tyler Nighswander told SCMagazine.com.au that little was preventing attackers from replicating their custom spoofing hardware to launch the attacks.

"The good news is that, as far as we know, we are the only ones with a spoofing device currently capable of the types of attacks," Nighswander said. "The bad news is that our spoofer would not be prohibitively expensive and complicated for someone to build, if they had the proper skillset. It's difficult to put an exact likelihood on these attacks happening, but there are no huge [roadblocks] preventing it at the moment."

Attacks were conducted against seven receiver brands including Magellan, Garmin, GlobalSat, uBlox, LOCOSYS and iFly 700.

Trimble was working with researchers to push out a patch for its affected products, Nighswander said.

Attacks included location spoofing in applications ranging from those used by planes, cars, trucks and ships to prisoner ankle bracelets, mobile phone towers, traffic lights, and SCADA systems.

The attacks could also crash receivers used for applications from surveying to drone navigation, reset clocks and open remote root shells on receivers.

Previously suggested long-term fixes, such as adding authentication to civilian signals or new directional antennas, were important but not useful in the short term because of their potentially lengthy deployment cycles.

The researchers said an Electronic GPS Attack Detection System (EGADS), which could flag the noted data-level attacks, should be deployed, along with an Electronic GPS Whitening System (EGWS), which could re-broadcast a "whitened signal" to otherwise vulnerable receivers.

The researchers said their work differed from existing GPS jamming and spoofing attacks because it detailed a larger attack surface "by viewing GPS as a computer system." This included analysis of GPS protocol messages and operating systems, the GPS software stack and how errors affect dependent systems.

"The overall landscape of GPS vulnerabilities is startling, and our experiments demonstrate a significantly larger attack surface than previously thought," the researchers wrote.

This story originally appeared on SCMagazine.com.au.
